When to secure a web application?
A web-based application is available 24/7, 365 days a year. So, when is the best time to secure a web application?
If we look back at “Application Security : Topic of the Week”, security flaws can be introduced during the design, development, deployment, upgrade or maintenance of the web application. And if we are using third-party libraries or tools, those can also be a security risk.
Because security flaws can be introduced at any stage of development, securing a web application is a continuous process. Security checks must be made at every stage of development and on into deployment.
During the design stage, security must be considered and built into the application. An example would be encrypting user passwords in the database.
In the development stage, all user input must be treated as unsafe and properly checked.
At the deployment stage, make sure that the installation files do not contain extra files or code inserted by a person with dubious intent. The server hosting the web application must also be secured.
The upgrade stage must also be checked to make sure that the upgraded files inside the application do not contain extra files or code. The web application's storage must be checked for compromise before the upgrade is performed.
In the maintenance stage, the web application must be properly audited to make sure that the files are intact and do not contain extra code.
If using third-party libraries or tools, a security audit must also be done on those libraries or tools to make sure that they are properly secured.
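The deployment, upgrade and maintenance checks above all come down to comparing the files on disk with a known-good release. The sketch below is an added example, not code from this site: it records a SHA-256 manifest of a release and reports extra, missing and modified files. The function names and the sample tree are assumptions made for illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def build_manifest(root):
    """Map each file path (relative to root) to its SHA-256 digest."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in root.rglob("*") if p.is_file()
    }


def audit(root, trusted):
    """Compare the tree at root against a trusted manifest."""
    current = build_manifest(root)
    return {
        "extra": sorted(set(current) - set(trusted)),
        "missing": sorted(set(trusted) - set(current)),
        "modified": sorted(p for p in trusted
                           if p in current and current[p] != trusted[p]),
    }


def demo():
    """Constructed sample: a small release tree that is then tampered with."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "lib").mkdir()
        (root / "index.php").write_bytes(b"<?php echo 'home';")
        (root / "lib" / "db.php").write_bytes(b"<?php // db helper")
        (root / "LICENSE").write_bytes(b"sample licence text")
        # Recorded from the known-good release; keep it off the web server.
        trusted = build_manifest(root)
        # Simulated tampering: one file added, one changed, one removed.
        (root / "lib" / "extra.php").write_bytes(b"<?php // not in release")
        (root / "index.php").write_bytes(b"<?php echo 'home'; // changed")
        (root / "LICENSE").unlink()
        return audit(root, trusted)


if __name__ == "__main__":
    print(demo())
```

The manifest is only useful if it is stored where the web application cannot write to it, otherwise whoever alters the files can alter the manifest too.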
The how-to and best practices will be covered next time.
But keep in mind that securing a web application is very important. It is a continuous process. The best time to secure a web application is now.
If you already know how to secure a web application, do double-check your web application. Sometime this week, we will cover a short how-to on securing a web application. Stay updated and stay safe.